COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA RELATING TO INDIVIDUALS
If an individual, at any time, has any questions or feedback relating to the Company’s Policy or the Company’s collection, use, processing and protection of their Personal Data, please do not hesitate to email at DPO@kddi.com.sg.
1 Types of Personal Data Collected
- 1.1 Personal Data which the Company collects include, but is not limited to:
- (a)individual’s name, National Identification Number (NID), passport or other identification number when it is required under law or when it is necessary to accurately establish or verify the identities of the individuals to high degree of fidelity;
- (b) individual’s telephone number, mailing address, email address and any other information relating to an individual which was provided in any forms submitted to the Company in any mode of communication;
- (c) information about users of the Company websites and services, including URLs and IP addresses, but only to the extent that the Company may identify individuals from such information;
- (d) information relating to job applicants and employees, including their employment history, education background, and income levels; and
- (e) individual’s financial information, such as bank account or credit card information for payment transactions and credit history.
- 1.2 The Company also collects business contact information, which refers to an individual’s name, position name or title, business telephone number, business address, business email address and any other similar information about the individual, not provided by the individual solely for his or her personal purposes.
2 Collection of Personal Data
- 2.1The Company collects Personal Data in several ways, including but not limited to the following manners:
- (a) When an individual contacts the Company for enquiries, via any mode of communication;
- (b) When an individual requests the Company to respond in writing or to return a telephone call; and
- (c) When an individual submits Personal Data to the Company for employment purposes.
- 2.2Further, when the Company collects or attempts to collect Personal Data from its customers, suppliers, vendors, contractors or business associates (the “Business Partners“), the Company shall notify its Business Partners of the intended purpose for which the Personal Data will be used, administered, processed and managed.
3 Purposes for Collection, Use and Disclosure of Personal Data
- 3.1The Personal Data which the Company collects from individuals may be collected, used and/or disclosed for the following purposes:
- (a) carrying out due diligence or other screening in accordance with any legal or regulatory obligations or the Company’s risk management procedures that may be required by law or that may have been put in place by the Company;
- (b) conducting research, analysis and development activities (including but not limited to data analytics, surveys and/or profiling) to improve the company’s products, services and facilities in order to enhance the business for the Company’s Business Partners’ benefits;
- (c) storing, hosting, backing up (whether for disaster recovery or otherwise) of individual’s Personal Data, whether within or outside the country of your residence; and
- (d) if it becomes necessary by a Court Order to cooperate with the data protection authority, complying with or as required by any applicable law, request or direction of any government agency and/or regulatory authority, or public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that the Company may/will disclose Personal Data to the aforementioned parties upon their request or direction.
(collectively, the “Purposes“)
- 3.2 The Company may collect, use and/or disclose the Personal Data for the purpose of direct marketing.
4 Legal Basis for Processing Personal Data
- 4.1 The Company will collect individuals’ Personal Data in accordance with the applicable laws and regulations. In general, before the Company collects any Personal Data from individuals, it will notify them of the purposes for which their Personal Data may be collected, used and/or disclosed, as well as obtain their consent for the collection, use and/or disclosure of their Personal Data for the intended purposes.
- 4.2 However, the Company may process the Personal Data without their consent where necessary, on the basis that it is necessary for the performance of a contract with the individual or on other legal bases, to the extent permitted by the applicable laws and regulations.
5 Specific Issues for the Disclosure of Personal Data to Third Parties
- 5.1 The Company respects the confidentiality of the Personal Data that individuals have provided.
- 5.2 In that regard, in connection with one or more of the Purposes, the Company will disclose any of individuals’ Personal Data to any third parties in accordance with the applicable laws and regulations. Please note that the Company may disclose individuals’ Personal Data to third parties without first obtaining their consent in certain situations where it is permitted by the applicable laws and regulations.
- 5.3 The Company will endeavour to provide adequate supervision over the handling and administration of their Personal Data by such third parties, as well as to provide for adequate forms of protection over such Personal Data.
6 Disclosure of Personal Data
- 6.1 Subject to the provisions of any applicable law, Personal Data of an individual by obtaining prior Consent of an individual, may be disclosed by the Company to third parties, but not limited to the following, whether they are located overseas or in the country of your residence for one or more of the above stated Purposes:
- (a) KDDI group companies (https://www.kddi.com/english/corporate/group/);
- (b) agents, contractors, or third-party service providers;
- (c) business partners;
- (d) banks, financial institutions;
- (e) professional advisers such as consultants, auditors, and lawyers; or
- (f) government or public agencies.
- 6.2 Please note that the Personal Data may be transferred to and stored at countries outside of the country of your residence whose laws and regulations may not provide the same level of the data protection. In such cases, the Company shall take such steps to ensure that the receiving third party is bound by legally enforceable obligations such as:
- (a) where the receiving party is an associated or affiliated organisation or related organisation, a set of binding corporate rules; and
- (b) where the receiving party is an unrelated third party, a contract or written agreement;
7 Retention Period
- 7.1 The Company will not retain the Personal Data for longer than required for the purposes for which the Personal Data are processed. The Company will keep the Personal Data:
- (a) For as long as required by the applicable laws and regulations;
- (b) Until the Company no longer has a valid reason for keeping it; or
- (c) Until the Company receives a lawful request to delete.
- 7.2 After the above retention period passes, the Company shall delete or anonymize the Personal Data in accordance with the applicable laws and regulations.
8 Individuals’ Rights
- 8.1 An individual may apply to access a copy of his/her Personal Data retained by the Company, or request for such Personal Data to be updated, corrected or deleted, by sending a written request to the Company via email, where they are recognized by the applicable laws and regulations. In addition, an individual may have the right to restrict certain types of processing of his/her Personal Data or the right to data portability, where they are recognized by the applicable laws and regulations, and may exercise the rights in the same manner as the above requests. Please be informed that the Company may charge an administrative and service fee to access and recover the Personal Data for the requested purpose and will inform such fee amount to the requester, accordingly.
- 8.2 An individual may have the right to submit, free of charge, his objection to the Company with respect to the processing for the purposes of direct marketing where it is permitted by the applicable laws and regulations.
- 8.3 The Company would usually respond to an exertion of the above rights within a reasonable time. However, if the Company is unable to respond within an ordinary period of time after receiving a request, the Company will inform the requester in writing providing the estimated number of days it will take to revert back. If the Company is unable to respond as requested, the Company shall generally inform the requester of the reasons why the Company is unable to do so (except where the Company is not legally required under the applicable laws and regulations).
- 8.4 If an individual feels that the Company has not responded to his/her request and has handled his/her Personal Data unlawfully, he/she may have the right to submit a complaint to the data protection authority where it is permitted by the applicable laws and regulations.
- 8.5 The rights stated above may be exercised even after the Personal Data has been disclosed and/or transferred to third parties.
9 Contractual or statutory obligation
- The provision of Personal Data is not a statutory or contractual requirement, or a requirement necessary to enter into a contract.
10 Request to Withdraw Consent
- 10.1 An individual may withdraw his/her consent for the Company to collect, use, administer, process or disclose his/her Personal Data for any purpose by submitting his/her request to the Company via email. In some cases, withdrawing consent may hinder the Company’s ability to facilitate, process, administer, provide or maintain services to the requester.
- 10.2 The Company will process the individual’s request within a reasonable time from such a request for withdrawal of consent being made, and will thereafter refrain from collecting, using and/or disclosing their Personal Data in the manner stated in their request.
11 Data Intermediaries
- 11.1 The Company may engage a data intermediary to process individuals’ Personal Data on behalf of the Company.
- 11.2 The Company undertakes an appropriate level of due diligence to assure that the data intermediary engaged by the Company to process Personal Data is compliant with the applicable laws and regulations.
12 Management and Security of Personal Data
- 12.1 The Company will take reasonable measures to protect Personal Data from any unauthorised access or modification, improper collection, use or disclosure, unlawful destruction or accidental loss.
- 12.2 However, be aware that no method of transmission over the internet or electronic storage is completely secure. While security cannot be guaranteed, the Company will strive to protect the security of the Personal Data and will constantly review and enhance its information security measures.
13 Updates on Policy
- 13.1 As part of the Company’s efforts to ensure that it properly manages, protects and processes individuals’ Personal Data, the Company will be reviewing its policies, procedures and processes from time to time.
- 13.2 The Company reserves the right to amend the terms of this Policy at its absolute discretion.
Last Updated on [8th June, 2022]